[prev in list] [next in list] [prev in thread] [next in thread]
List: owasp-dotnet
Subject: [Owasp-dotnet] OWASP SiteGenerator
From: "Dinis Cruz" <dinis () ddplus ! net>
Date: 2007-01-23 2:10:25
Message-ID: 701fd6b60701221810gba251a4p549a80139f6cd959 () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hello, I just realized that I never sent to this list the latest information
on the new version of OSG (OWASP SiteGenerator) which is much more stable
and usable :)
Please test it and send all feedback to me and Mike.
If you are looking for mini projects, adding vulnerabilities to OSG are a
great place to start
Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
http://www.owasp.org
OWASP SiteGeneratorDescription
OWASP SiteGenerator allows the creating of dynamic websites based on XML
files and predefined vulnerabilities (some simple, some complex) covering
.Net languages and web development architectures (for example, navigation:
Html, Javascript, Flash, Java, etc...).
Uses
- Evaluation of Web Application Security Scanners
- Evaluation of Web Application Firewalls
- Developer Training
- Web Honeypots
- Web Application hacking contests (or evaluations)
- Whatever your mind can come up with!
Downloads
- Website installer:
SiteGenerator_IIS_Website_Setup.msi<http://umn.dl.sourceforge.net/sourceforge/owasp/SiteGenerator_IIS_Website_Setup_v0.80.msi>(Version
0.80) - Updated 12/20/2006
- Gui Installer:
Owasp_SiteGenerator.msi<http://umn.dl.sourceforge.net/sourceforge/owasp/SiteGenerator_GUI_Setup_v0.80.msi>(Version
0.80) - Updated 12/20/2006
- Source Code:
Current_SiteGenerator_Source.zip<http://owasp.cvs.sourceforge.net/*checkout*/owasp/dotnet/SiteGenerator/SiteGenerator.zip>(Version
0.80)
Accessing SVN for SiteGenerator
- One way is to browse the SVN online by going to the SiteGenerator
Source Tree<http://owasp-code-central.googlecode.com/svn/trunk/labs/SiteGenerator/>
- Another way is to configure your SVN client to download the source
locally.
Installation and configuration notes
- Before you install the website portion please confirm the following.
- There is an application pool that is configured to run under
the System account
- A website that is pointed to where you want the Site
Generatorator web portion to be installed
- Configure the website to run Asp.Net 2.0
- Make sure there is an application for that website and have it
set to the application pool created in the first step
- Add a IIS wildcard Application Mapping (accessible via Home
Directory -> Configuration) to
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll and untick
the 'Verify that file exists'
- Note: On Windows XP the OK button might appear disable.
You will need to browse to the file and then select the
location and also
put a dot in from of the asterik (i.e. .*) for the OK
button to be enabled
- Make sure Default.htm is one of the files included in the
default document list (in the 'Documents' tab)
- Configure the Website's IP Address to be 127.0.0.1, and click
on the Advanced button to add a new host header mapping
- Install the WebSite (selecting as the target the website created in
the previous step)
- Install the GUI
- Click on the SiteGenerator link that was placed on your desktop
If all goes well you now can browse to your localhost and see the default
SiteGenerator's website. If you see a blank page, try http://<SITE
NAME>/Default.htm (you might be getting a cached version of http://<SITE
NAME>)
Note that the SQL Injection vulnerabilities expect that you have the latest
version of HacmeBank (v2.0) installed in your box.
Introduction to SiteGenerator
- This tool has been sponsored by Foundstone, BUT (and it is a big
but) it is being released under the Owasp .Net Project and an Open Source
Licence. So Kudos for Foundstone for doing this and I hope they get good
exposure from it
- The main objective of the tool is to create dynamic websites based
on XML files which will 'map' to a database containing hundreds of different
vulnerabilities (some simple to detect/exploit, some harder) covering
multiple
languages and web development architectures (for example navigation: Html,
JavaScript, Flash, Java, etc...)
- There are many ways this tool can be used, here are just a couple
starting ideas:
- As a training tool since it allows the creation of multiple
websites with multiple variations of vulnerabilities
- As a Web Application Honeypot (since we are able to create
dynamic ( i.e. false) websites and track / monitor in real-time
all requests made)
- As a test ground for newly discovered vulnerabilities types
and its exploit vectors
- As a benchmark for Web Security Scanners
- The Web Security Scanner benchmarking and testing is the most
obvious short-term application for this tool, but I think that as it evolves
the others will be proven to be as (if not more) valuable
- On the Web Security Scanner issue:
- My main hope is that the Web Security Scanner Companies will
see this tool as an opportunity and work with the Owasp .Net project (and
other groups that want to be involved) in a productive and
constructive way
- Although in the short term some Web Security Scanners might
have some bad results (well, at least when compared with what their
Marketing machine publishes :) in the medium term, as they adapt
and improve
their scanning techniques, everybody will benefit
- One of the core objectives of the tool (when thinking about
benchmarking Web Security Scanners) is to be able to create real and
measurable metrics. For example:
- Scanner X was able to detect 65% of the vulnerabilities
where Scanner Y was able to detect 90%
- Scanner X made 10000 to detect those 65% (over a period
of 16h) where scanner Y made 4000 request (over a period of 10h)
- 20% of Scanner X results where false positives,
where Scanner Y had 50% false positives
- Scanner X was able to deal with Html and
JavaScript navigation, Scanner Y was able to deal with
Html, JavaScript and
Flash, and both where NOT able to deal with Java based
navigation systems
- Scanner X is not able to go more than 40 levels
deep, Scanner Y is able to go up at least 100 levels deep
(if not more)
- etc, etc, etc
- There will be two main types of tests that can be done
in the short term:
- Provive the links to all different types of
vulnerabilities existent in the database, and see how many
can the scanner
correctly identify? and
- When multiple types of website architectures and
navigation techniques are used, how many vulnerabilities is
the scanner able
to detect?
- In order to test (and further improve the tool) I want to take
this opportunity to ask the Web Application Security Scanners
that subscribe
to this list (which I believe all do) to give the Owasp .Net project a
temporary licence to their product so that we can use it during
development
and during some basic benchmarking that we might do (and NO, I
will not sign
an NDA that doesn't allow me to publish the data collected, in
fact I will
not sign ANY NDA with ANY web application security scanner company)
- Note that at the moment I (Dinis) have no plans to do a full
benchmarking exercise since I don't have the time required, but
I know of at
least one group of experienced security consultants which is
starting such
project (and I will be supporting them). If anybody else is interested in
doing a similar benchmarking project please contact me directly
- Regarding how the tool works, here is a brief technical description:
There are two main components: A webserver (which can be IIS or a custom
webserver) and a GUI application (written in C# 2.0). The GUI Application is
responsible for handling all mappings (from the virtual requests to the
actual pages on disk). The two main components talk over tcp on port 4,000,
the GUI application listens for requests from the web server and then
returns an answer to the webserver
The current version is hardcoded to IIS, although in the code there is
support for using a custom .Net webserver. This IIS version uses an
HttpHander to capture all requests and communicate with the GUI Application
(called SiteGeneratorGUI)
The dynamic websites are defined by XML files like this (which are edited on
the GUI Application using the WYSIWYG Altova Authentic Browser Object (SPS
files created via Altova's StyleVision application)):
<?xml version="1.0" encoding="utf-8" ?>
<SiteGenerator name="SiteGenerator Demo"
xmlns:ipo="http://www.altova.com/IPO"
xmlns="http://www.xmlspy.com/schemas/orgchart"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<site>
<folder name="">
<file mappedTo="aspx/Default.aspx" name="HelloWorld.aspx" />
<folder name="htm" />
<folder name="aspx">
<file mappedTo="aspx/pages.htm" name="pages.htm" />
<file mappedTo="aspx/xss.aspx" name="xss.aspx" />
<file mappedTo="aspx/SqlInjection_Easy.aspx"
name="SqlInjection.aspx" />
<file mappedTo="aspx/SqlInjection_Hard.aspx"
name="SqlInjection2.aspx" />
</folder>
<folder name="flash">
<file mappedTo="flash/cromas_xml.swf"
name="cromas_xml.swf" />
<file mappedTo="flash/cromas_xml.htm" name="menu.htm" />
<file mappedTo="/flash/cromas_menu.xml"
name="cromas_menu.xml" />
</folder>
</folder>
</site>
</SiteGenerator>
SiteGeneratorGUI.exe and IIS will map the virtual name "HelloWorld.aspx" to
the file on disk "aspx/Default.aspx" . For example:
http://localhost/HelloWorld.aspx --> F:\Owasp
SiteGenerator\SiteGenerator_ContentPages\aspx\Default.aspx
So to create new websites all you need to do is to create a new XML file
Then to create new vulnerabilities type, all you need to create in an Aspx
page and map it to the xml file
How To Use SiteGenerator
SiteGenerator contains four different screens that can be used they are
further explained below. In all of the screen shots you will see a bottom
pane this contains all the information that is flowing from the website to
the fat client. Clicking on "Clear Received Data" will clear out the bottom
text area and the information found on the file transformations log tab.
*Edit / Create Dynamic Websites Tab*
[image: Image:sg_maintain_websites_ss.jpg]<http://www.owasp.org/index.php/Image:Sg_maintain_websites_ss.jpg>
This area allows users to create a basic website that could be used. You can
also remove a website and modify it using the word like widget.
Select the root path for the site "/" you can choose the default page this
can be another page that you have previously mapped or a specific path to a
file.
* File Transformations Log*
[image: Image:sg_file_transformations_tab.jpg]<http://www.owasp.org/index.php/Image:Sg_file_transformations_tab.jpg>
This tab allows a user to see how the transformations are working. For
example you could make sure that the new mapping for f00.aspx actually was
converted to /test123/test.aspx.
*Web Browser Tab*
[image: Image:sg_webrowser_tab_ss.jpg]<http://www.owasp.org/index.php/Image:Sg_webrowser_tab_ss.jpg>
This tab will allow for a user to browse to the generated website instead of
using a normal browser.
*Website Creator Tab*
[image: Image:Sg_website_creator_tab_ss.jpg]<http://www.owasp.org/index.php/Image:Sg_website_creator_tab_ss.jpg>
This tab allows a user to initially create the files for a given website.
[Attachment #5 (text/html)]
Hello, I just realized that I never sent to this list the latest information on the \
new version of OSG (OWASP SiteGenerator) which is much more stable and usable \
:)<br><br clear="all">Please test it and send all feedback to me and Mike. <br><br>If \
you are looking for mini projects, adding vulnerabilities to OSG are a great place to \
start<br><br>Dinis Cruz<br>Chief OWASP Evangelist, Are you a member yet?<br><a \
href="http://www.owasp.org">http://www.owasp.org </a><br><br><h1 \
class="firstHeading">OWASP SiteGenerator</h1><h2>Description</h2> <p>OWASP \
SiteGenerator allows the creating of dynamic websites based on XML files and \
predefined vulnerabilities (some simple, some complex) covering .Net languages and \
web development architectures (for example,
navigation: Html, Javascript, Flash, Java, etc...).
</p><p><br>
</p>
<div class="editsection" style="float: right; margin-left: 5px;"><br></div><a \
name="Uses"></a><h2>Uses</h2> <ul><li> Evaluation of Web Application Security \
Scanners </li><li> Evaluation of Web Application Firewalls
</li><li> Developer Training
</li><li> Web Honeypots
</li><li> Web Application hacking contests (or evaluations)
</li><li> Whatever your mind can come up with!
</li></ul>
<div class="editsection" style="float: right; margin-left: 5px;"><br></div><a \
name="Downloads"></a><h2>Downloads</h2> <ul><li> Website installer: <a \
href="http://umn.dl.sourceforge.net/sourceforge/owasp/SiteGenerator_IIS_Website_Setup_v0.80.msi" \
class="external text" \
title="http://umn.dl.sourceforge.net/sourceforge/owasp/SiteGenerator_IIS_Website_Setup_v0.80.msi" \
rel="nofollow"> SiteGenerator_IIS_Website_Setup.msi</a> (Version 0.80) - Updated \
12/20/2006 </li><li> Gui Installer: <a \
href="http://umn.dl.sourceforge.net/sourceforge/owasp/SiteGenerator_GUI_Setup_v0.80.msi" \
class="external text" \
title="http://umn.dl.sourceforge.net/sourceforge/owasp/SiteGenerator_GUI_Setup_v0.80.msi" \
rel="nofollow"> Owasp_SiteGenerator.msi</a> (Version 0.80) - Updated 12/20/2006
</li><li> Source Code: <a \
href="http://owasp.cvs.sourceforge.net/*checkout*/owasp/dotnet/SiteGenerator/SiteGenerator.zip" \
class="external text" \
title="http://owasp.cvs.sourceforge.net/*checkout*/owasp/dotnet/SiteGenerator/SiteGenerator.zip" \
rel="nofollow"> Current_SiteGenerator_Source.zip</a> (Version 0.80)
</li></ul>
<div class="editsection" style="float: right; margin-left: 5px;"><br></div><a \
name="Accessing_SVN_for_SiteGenerator"></a><h2>Accessing SVN for SiteGenerator</h2> \
<ul><li> One way is to browse the SVN online by going to the <a \
href="http://owasp-code-central.googlecode.com/svn/trunk/labs/SiteGenerator/" \
class="external text" \
title="http://owasp-code-central.googlecode.com/svn/trunk/labs/SiteGenerator/" \
rel="nofollow"> SiteGenerator Source Tree</a>
</li><li> Another way is to configure your SVN client to download the source locally.
</li></ul>
<div class="editsection" style="float: right; margin-left: 5px;"><br></div><a \
name="Installation_and_configuration_notes"></a><h2>Installation and configuration \
notes</h2> <ul><li> Before you install the website portion please confirm the \
following. <ul><li> There is an application pool that is configured to run under the \
System account </li><li> A website that is pointed to where you want the Site \
Generatorator web portion to be installed </li><li> Configure the website to run \
Asp.Net 2.0 </li><li> Make sure there is an application for that website and have it \
set to the application pool created in the first step </li><li> Add a IIS wildcard \
Application Mapping (accessible via Home Directory -> Configuration) to
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll and
untick the 'Verify that file exists'
<ul><li> Note: On Windows XP the OK button might appear disable. You
will need to browse to the file and then select the location and also
put a dot in from of the asterik (i.e. .*) for the OK button to be
enabled
</li></ul>
</li><li> Make sure Default.htm is one of the files included in the default document \
list (in the 'Documents' tab) </li><li> Configure the Website's IP \
Address to be <a href="http://127.0.0.1">127.0.0.1</a>, and click on the Advanced \
button to add a new host header mapping </li></ul>
</li><li> Install the WebSite (selecting as the target the website created in the \
previous step) </li><li> Install the GUI
</li><li> Click on the SiteGenerator link that was placed on your desktop
</li></ul>
<p><br>
If all goes well you now can browse to your localhost and see the
default SiteGenerator's website. If you see a blank page, try
http://<SITE NAME>/Default.htm (you might be getting a cached version of
http://<SITE NAME>)
</p><p>Note that the SQL Injection vulnerabilities expect that you have the
latest version of HacmeBank (v2.0) installed in your box.
</p><p><br>
</p>
<div class="editsection" style="float: right; margin-left: 5px;"><br></div><a \
name="Introduction_to_SiteGenerator"></a><h2> Introduction to SiteGenerator </h2> \
<ul><li> This tool has been sponsored by Foundstone, BUT (and it is a big but) it is \
being released under the Owasp .Net Project and an Open Source Licence. So Kudos for \
Foundstone for doing this and I hope they get good exposure from it
</li></ul>
<ul><li> The main objective of the tool is to create dynamic websites
based on XML files which will 'map' to a database containing hundreds
of different vulnerabilities (some simple to detect/exploit, some
harder) covering multiple </li></ul>
<p>languages and web development architectures (for example navigation: Html, \
JavaScript, Flash, Java, etc...) </p>
<ul><li> There are many ways this tool can be used, here are just a couple starting \
ideas: <ul><li> As a training tool since it allows the creation of multiple websites \
with multiple variations of vulnerabilities </li><li> As a Web Application Honeypot \
(since we are able to create dynamic ( i.e. false) websites and track / monitor in \
real-time all requests made)
</li><li> As a test ground for newly discovered vulnerabilities types and its exploit \
vectors </li><li> As a benchmark for Web Security Scanners
</li></ul>
</li></ul>
<ul><li> The Web Security Scanner benchmarking and testing is the most
obvious short-term application for this tool, but I think that as it
evolves the others will be proven to be as (if not more) valuable
</li></ul>
<ul><li> On the Web Security Scanner issue:
<ul><li> My main hope is that the Web Security Scanner Companies will
see this tool as an opportunity and work with the Owasp .Net project
(and other groups that want to be involved) in a productive and
constructive way
</li><li> Although in the short term some Web Security Scanners might
have some bad results (well, at least when compared with what their
Marketing machine publishes :) in the medium term, as they adapt and
improve their scanning techniques, everybody will benefit
</li><li> One of the core objectives of the tool (when thinking about
benchmarking Web Security Scanners) is to be able to create real and
measurable metrics. For example:
<ul><li> Scanner X was able to detect 65% of the vulnerabilities where Scanner Y was \
able to detect 90% </li><li> Scanner X made 10000 to detect those 65% (over a period \
of 16h) where scanner Y made 4000 request (over a period of 10h) <ul><li> 20% of \
Scanner X results where false positives, where Scanner Y had 50% false positives \
</li><li> Scanner X was able to deal with Html and JavaScript navigation, Scanner Y \
was able to deal with Html, JavaScript and Flash, and both where NOT able to deal \
with Java based navigation systems </li><li> Scanner X is not able to go more than 40 \
levels deep, Scanner Y is able to go up at least 100 levels deep (if not more) \
</li><li> etc, etc, etc </li></ul>
</li></ul>
</li><li> There will be two main types of tests that can be done in the short term:
<ul><li> Provive the links to all different types of vulnerabilities
existent in the database, and see how many can the scanner correctly
identify? and
</li><li> When multiple types of website architectures and navigation
techniques are used, how many vulnerabilities is the scanner able to
detect?
</li></ul>
</li><li> In order to test (and further improve the tool) I want to
take this opportunity to ask the Web Application Security Scanners that
subscribe to this list (which I believe all do) to give the Owasp .Net
project a temporary licence to their product so that we can use it
during development and during some basic benchmarking that we might do
(and NO, I will not sign an NDA that doesn't allow me to publish the
data collected, in fact I will not sign ANY NDA with ANY web
application security scanner company)
</li><li> Note that at the moment I (Dinis) have no plans to do a full
benchmarking exercise since I don't have the time required, but I know
of at least one group of experienced security consultants which is
starting such project (and I will be supporting them). If anybody else
is interested in doing a similar benchmarking project please contact me
directly
</li></ul>
</li></ul>
<ul><li> Regarding how the tool works, here is a brief technical description:
</li></ul>
<p>There are two main components: A webserver (which can be IIS or a
custom webserver) and a GUI application (written in C# 2.0). The GUI
Application is responsible for handling all mappings (from the virtual
requests to the actual pages on disk). The two main components talk
over tcp on port 4,000, the GUI application listens for requests from
the web server and then returns an answer to the webserver
</p><p>The current version is hardcoded to IIS, although in the code
there is support for using a custom .Net webserver. This IIS version
uses an HttpHander to capture all requests and communicate with the GUI
Application (called SiteGeneratorGUI)
</p><p>The dynamic websites are defined by XML files like this (which
are edited on the GUI Application using the WYSIWYG Altova Authentic
Browser Object (SPS files created via Altova's StyleVision
application)):
</p>
<pre> <?xml version="1.0" encoding="utf-8" ?><br> \
<SiteGenerator name="SiteGenerator Demo" xmlns:ipo="<a \
href="http://www.altova.com/IPO">http://www.altova.com/IPO</a>" <br> \
xmlns="<a href="http://www.xmlspy.com/schemas/orgchart">http://www.xmlspy.com/schemas/orgchart</a>" \
xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance">http://www.w3.org/2001/XMLSchema-instance
</a>"><br> <site><br> <folder \
name=""><br> <file \
mappedTo="aspx/Default.aspx" name="HelloWorld.aspx" /><br> \
<folder name="htm" /> <br> <folder \
name="aspx"><br> <file \
mappedTo="aspx/pages.htm" name="pages.htm" /><br> \
<file mappedTo="aspx/xss.aspx" name=" xss.aspx" /><br> \
<file mappedTo="aspx/SqlInjection_Easy.aspx" \
name="SqlInjection.aspx" /><br> <file \
mappedTo="aspx/SqlInjection_Hard.aspx" name=" SqlInjection2.aspx" \
/><br> </folder><br> <folder \
name="flash"><br> <file \
mappedTo="flash/cromas_xml.swf" name="cromas_xml.swf" /> <br> \
<file mappedTo="flash/cromas_xml.htm" name="menu.htm" \
/><br> <file mappedTo="/flash/cromas_menu.xml" \
name="cromas_menu.xml" /> <br> </folder><br> \
</folder><br> </site><br> </SiteGenerator><br></pre> \
<p>SiteGeneratorGUI.exe and IIS will map the virtual name "HelloWorld.aspx" \
to the file on disk "aspx/Default.aspx" . For example: </p><p><a \
href="http://localhost/HelloWorld.aspx" class="external free" \
title="http://localhost/HelloWorld.aspx" \
rel="nofollow">http://localhost/HelloWorld.aspx</a> --> F:\Owasp \
SiteGenerator\SiteGenerator_ContentPages\aspx\Default.aspx </p><p>So to create new \
websites all you need to do is to create a new XML file </p><p>Then to create new \
vulnerabilities type, all you need to create in an Aspx page and map it to the xml \
file </p>
<div class="editsection" style="float: right; margin-left: 5px;"><br></div><a \
name="How_To_Use_SiteGenerator"></a><h2>How To Use SiteGenerator</h2> \
<p>SiteGenerator contains four different screens that can be used they are further \
explained below. In all of the screen shots you will see a bottom pane this contains \
all the information that is flowing from the website to the fat client. Clicking on \
"Clear Received Data" will clear out the bottom text area and the \
information found on the file transformations log tab. </p><p><b>Edit / Create \
Dynamic Websites Tab</b> </p><p><a \
href="http://www.owasp.org/index.php/Image:Sg_maintain_websites_ss.jpg" class="image" \
title="Image:sg_maintain_websites_ss.jpg"><img \
src="http://www.owasp.org/images/2/2f/Sg_maintain_websites_ss.jpg" \
alt="Image:sg_maintain_websites_ss.jpg" \
longdesc="/index.php/Image:Sg_maintain_websites_ss.jpg" height="420" width="650"> \
</a> </p><p>This area allows users to create a basic website that could be
used. You can also remove a website and modify it using the word like
widget. </p><p>Select the root path for the site "/" you can choose the
default page this can be another page that you have previously mapped
or a specific path to a file. </p><p><br>
<b> File Transformations Log</b>
</p><p><a href="http://www.owasp.org/index.php/Image:Sg_file_transformations_tab.jpg" \
class="image" title="Image:sg_file_transformations_tab.jpg"><img \
src="http://www.owasp.org/images/5/53/Sg_file_transformations_tab.jpg" \
alt="Image:sg_file_transformations_tab.jpg" \
longdesc="/index.php/Image:Sg_file_transformations_tab.jpg" height="420" width="650"> \
</a> </p><p>This tab allows a user to see how the transformations are
working. For example you could make sure that the new mapping for
f00.aspx actually was converted to /test123/test.aspx.
</p><p><br>
<b>Web Browser Tab</b>
</p><p><a href="http://www.owasp.org/index.php/Image:Sg_webrowser_tab_ss.jpg" \
class="image" title="Image:sg_webrowser_tab_ss.jpg"><img \
src="http://www.owasp.org/images/c/c6/Sg_webrowser_tab_ss.jpg" \
alt="Image:sg_webrowser_tab_ss.jpg" \
longdesc="/index.php/Image:Sg_webrowser_tab_ss.jpg" height="418" width="650"> </a>
</p><p>This tab will allow for a user to browse to the generated website instead of \
using a normal browser. </p><p><br>
<b>Website Creator Tab</b>
</p><p><a href="http://www.owasp.org/index.php/Image:Sg_website_creator_tab_ss.jpg" \
class="image" title="Image:Sg_website_creator_tab_ss.jpg"><img \
src="http://www.owasp.org/images/1/19/Sg_website_creator_tab_ss.jpg" \
alt="Image:Sg_website_creator_tab_ss.jpg" \
longdesc="/index.php/Image:Sg_website_creator_tab_ss.jpg" height="420" width="650"> \
</a> </p><p>This tab allows a user to initially create the files for a given website. \
</p><br>
_______________________________________________
Owasp-dotnet mailing list
Owasp-dotnet@lists.owasp.org
http://lists.owasp.org/mailman/listinfo/owasp-dotnet
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic